regression-tests.recursor-dnssec/test_ProxyByTable.py

   1 import dns
   2 import os
   3 from recursortests import RecursorTest
   4
   5 class testProxyByTable(RecursorTest):
   6     """
   7     This test makes sure that we correctly use the proxy-mapped address during the ACL check
   8     """
   9     _confdir = 'ProxyByTable'
  10
  11     _config_template = """dnssec=validate
  12     auth-zones=authzone.example=configs/%s/authzone.zone
  13     allow-from=3.4.5.0/24
  14     """ % _confdir
  15
  16     _lua_config_file = """
  17     addProxyMapping("127.0.0.0/24", "3.4.5.6:99")
  18     """
  19
  20     @classmethod
  21     def generateRecursorConfig(cls, confdir):
  22         authzonepath = os.path.join(confdir, 'authzone.zone')
  23         with open(authzonepath, 'w') as authzone:
  24             authzone.write("""$ORIGIN authzone.example.
  25 @ 3600 IN SOA {soa}
  26 @ 3600 IN A 192.0.2.88
  27 """.format(soa=cls._SOA))
  28         super(testProxyByTable, cls).generateRecursorConfig(confdir)
  29
  30
  31     def testA(self):
  32         expected = dns.rrset.from_text('ns.secure.example.', 0, dns.rdataclass.IN, 'A', '{prefix}.9'.format(prefix=self._PREFIX))
  33         query = dns.message.make_query('ns.secure.example', 'A', want_dnssec=True)
  34         query.flags |= dns.flags.AD
  35
  36         for method in ("sendUDPQuery", "sendTCPQuery"):
  37             sender = getattr(self, method)
  38             res = sender(query)
  39
  40             self.assertMessageIsAuthenticated(res)
  41             self.assertRRsetInAnswer(res, expected)
  42             self.assertMatchingRRSIGInAnswer(res, expected)
  43
  44